Privileged User Management and Access Control

A SOLUTION FOR INFORMATION SYSTEMS CONTROL & TRACEABILITY

Wallix AdminBastion (WAB) is a solution that can be installed in your Information Systems environment in a matter of hours and that provides information, in real or delayed time, on who did what, where and how. With WAB, you can also control the access of your IT service providers, whether these are internal or external. Additionally you can record their work sessions and review them as and when needed (audit, incident, etc.).

With WAB, you can now easily manage the turnover of your IT teams eliminating concerns about individuals, that are no longer a part of your organization, having privileged access to your IT systems. WAB enables you to effectively implement an IT security policy based on international standards like ISO27001.

With WAB, compliance with standards and regulations becomes an achievable task!

TRACEABILITY (WHO, WHEN, HOW ?)

You will know in real or delayed time who is connected to your Information Systems, when and how (SSH, RDP etc). Wallix AdminBastion (WAB) enables the traceability of connections and actions performed by external service providers and internal IT teams on Servers and Devices managed by WAB. The connection log keeps a trace of all connection data and using the web console, you can monitor connections in real-time and view the log.

ACCESS CONTROL

Thanks to simple and powerful rules, you control access to Servers and Devices. These rules are based on criteria such as IP address, login, time periods or the type of session (interactive, file transfer etc.). WAB applies an access control policy to each user according to his/her profile - with the possibility of authorizing or not, the use of an account on a device, or file transfer via SSH.

SESSION RECORDING (WHAT ?)

The actions triggered on the target device are continuously recorded for later review, whether these are command line sessions (SSH, Telnet, rsh), or graphical Windows Terminal Server (RDP, VNC) sessions. Recording these sessions provides an accurate account of the actions performed by a service provider or internal IT administrator, thus facilitating the understanding of any abnormal events.

PASSWORD MANAGEMENT

Wallix AdminBastion (WAB) centralized authentication enables all WAB users to log onto Servers and Devices for which they are authorized using a single password and without the need to know the password for the account on the target device. Passwords for the target accounts are managed by the WAB and stored securely in the WAB database using AES 256 symmetric encryption.

COMMAND MANAGEMENT

Wallix AdminBastion (WAB) enables command management through SSH Flow Scanning to filter commands in real-time to detect undesirable shell commands and trigger an email notification or automatic disconnection if a prohibited character string is detected.

CRITICAL ACCOUNT MANAGEMENT

Any target account can be declared as “Critical” - for the example the “root” or “administrator” account on the Server hosting the financial applications. If a user logs onto a “Critical” account, an alert email is sent to a pre-determined individual, informing him/her of the connection to this critical account. Through the WAB web administration interface, this connection can then be blocked if required.

For more information about the Wallix AdminBastion solution, please contact us at infosec@gsn.ae